Hi

I've spent a few hours trying to resolve security (authorization) related 
problem in a big Pyramid app.
The problem was on my side - an exception was thrown inside __acl__ 
property on RootFactory level, something like this:
class RootFactory(object):
    @property
    def __acl__(self):
        def load_ACL():
            acl = []
            for group in GroupFacade*.all()*: # 'all' function was not 
defined
                ...
            return acl
        return load_ACL()
In result access to all views with permission defined was denied.
After small investigation I've found that this exception was silently 
handled on Pyramids side:

for location in lineage(context):
try:
    acl = location.__acl__
except AttributeError:
    *continue*


I think that it should be a good idea to change this behavior or add proper 
trace here.
Any exception related to missing attribute here will cause hard to find 
error and misleading trace:

<No ACL found on any object in resource lineage>


Any ideas to handle it in a proper way?

--
Thanks
Artur Lew

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/pylons-discuss/-/WzA1b5gTWV0J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.

Reply via email to